Facilitating and authenticating transactions

ABSTRACT

A computer, such as a Windows-based PC ( 10 ), has associated with it a Subscriber Identity Module (or SIM) ( 12 ), such as of the type used in a GSM cellular telephone system. The SIM ( 12 ) can be authenticated by the telephone network ( 16 ), in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC ( 10 ) or the PC ( 10 ) itself. Such authentication can, for example, permit use of the PC ( 10 ) in relation to a particular application ( 22 ) which is released to the PC ( 10 ) after the authentication is satisfactorily completed. The application may be released to the PC ( 10 ) by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party.

The invention relates to the facilitation and authentication of transactions. In embodiments of the invention, to be described below in more detail by way of example only, transactions between data processing apparatus (such as a personal computer), or a user thereof, and a (possibly remote) third party are facilitated and authenticated, and such facilitation and authentication may also involve the facilitation and authentication of a payment or data transfer to be made by or on behalf of the user to the third party.

According to the invention, there is provided a method for authenticating a transaction with data processing apparatus in which the data processing apparatus has operatively associated with it authentication storage means for storing predetermined authentication information, and including the step of carrying out an authentication process via a communications link for authenticating the transaction, the authentication process involving the use of the predetermined authentication information.

According to the invention, there is also provided a data processing apparatus in combination with authentication storage means storing predetermined information relating to the authentication of a transaction with the data processing apparatus, the authentication storage means when operatively associated with the data processing apparatus being responsive to an authentication process carried out via a communications link for authenticating the transaction, the authentication process involving the use of the predetermined information.

According to the invention, there is further provided a data carrier carrying data for use in and by data processing apparatus, the data carrier also incorporating authentication storage means storing predetermined authentication information responsive to an input message for deriving a response dependent on the input message and on the authentication information for use in a remotely operative authentication process for authenticating a transaction involving use of the data carried by the data carrier.

A method according to the invention of facilitating and authenticating transactions involving data processing apparatus such as a personal computer, and devices for connection to data processing apparatus (such as a personal computer) embodying the invention, will now be described, by way of example only, with reference to the accompanying diagrammatic drawings in which:

FIG. 1 is a block diagram for explaining the operation of the method in relation to the data processing apparatus;

FIG. 2 is a flow chart for use in the understanding of the block diagram of FIG. 1;

FIG. 3 is a block diagram corresponding to FIG. 1 in which a “dongle” in accordance with the invention is used;

FIG. 4 is a perspective view of one configuration of a dongle;

FIG. 5 shows a side elevation of a further configuration of the dongle;

FIG. 6 shows a block diagram for explaining the operation of a method of authenticating a transaction using data processing apparatus;

FIGS. 7A, 7B and 7C are a flow chart for use in understanding the authentication process carried out by the data processing apparatus of FIG. 6;

FIG. 8A shows a front view of a third configuration of a dongle;

FIG. 8B shows a side view of the dongle of FIG. 8A;

FIG. 8C shows a cross-sectional view taken along line x-x of FIG. 8B but with the dongle connector extended;

FIG. 8D shows a side view corresponding to FIG. 8B but with the dongle connector extended;

FIG. 9A shows a front view of a fourth configuration of a dongle;

FIG. 9B shows a side view of the dongle of FIG. 9A;

FIG. 9C shows a front view corresponding to FIG. 9A but with the dongle connector extended;

FIG. 9D shows a side view corresponding to FIG. 9B but with the dongle connector extended;

FIG. 10A shows a front view of a fifth configuration of a dongle;

FIG. 10B shows a side view of the dongle of FIG. 10A;

FIG. 10C shows a front view corresponding to FIG. 10A but with the dongle connector extended;

FIG. 10D shows a side view corresponding to FIG. 10B but with the dongle connector extended;

FIG. 11A shows a front view of a sixth configuration of a dongle;

FIG. 11B shows a side view of the dongle of FIG. 11A; and

FIG. 11C shows how the electrical connector emerges from the casing of the dongle.

In the figures like elements are generally designated with the same reference numbers.

There exist many instances when a transaction involving the use of data processing apparatus requires authentication. For example, the data processing apparatus may be required to carry out a transaction, such as the exchange of information, with a third party, such as a remote third party with which the communication must be made over a telecommunications link (including via the Internet). The third party may require that the data processing apparatus, or the user thereof for the time being, is authenticated to the satisfaction of the third party before the transaction takes place.

As stated, the transaction may merely involve the exchange of information. For example, the user of the data processing apparatus may simply need to be authenticated in order to download information from the third party. Such information may be information kept by the third party on behalf of the user of the data processing apparatus (for example, information relating to the user's bank account). Instead, the information might be information held on other data processing apparatus, such as a data network belonging to an organisation or commercial entity with which the user is connected or by whom the user is employed, thus facilitating access to that network by the user when the user is travelling. Another possible transaction may involve the downloading by the data processing apparatus of software from the remote location.

In addition, the transaction may require a payment to be made by the user in order to enable the transaction to take place, such as a payment to the third party in return for the information provided. Clearly, when such a payment is involved, it is important that the user is authenticated to the satisfaction of the third party and that the payment is made in a safe, simple and secure manner.

Although the foregoing discussion has referred to a “user” of the data processing apparatus, some at least of the transactions described above may not in fact involve any human user: the data processing apparatus may be required to operate automatically (for example, intermittently operating in an information-gathering or monitoring role, and reporting the results to a third party). In such cases, it may alternatively or additionally be necessary for the data processing apparatus to authenticate itself to the satisfaction of the third party.

The data processing apparatus is provided with, or associated with, means (authentication storage means) for storing predetermined authentication information for authenticating that apparatus or a particular user thereof. In one embodiment, the means for storing the predetermined information is removable and can thus be taken by the user and inserted into any data processing apparatus (or computer) which is adapted to receive it, so as to enable that user to be authenticated in respect to a transaction to be carried out by that user with that computer. Advantageously, in such a case the means for storing the predetermined information is in the form of a smart card.

In a more specific example, the smart card is a Subscriber Identity Module or SIM of the type used in and for authenticating the use of handsets in a mobile or cellular telecommunications network—such as a GSM (Group Special Mobile) or 3G (Third Generation) network. Such a network will store details of its users' (subscribers') SIMs. In operation of the network, a user's handset is authenticated (for example, when the user activates the handset on the network with a view to making or receiving calls) by the network sending a challenge to the handset incorporating that SIM, in response to which the SIM calculates a reply (dependent on the predetermined information held on the SIM—typically an authentication algorithm and a unique key Ki) and transmits it back to the network which checks it against its own information for that user or subscriber in order to complete the authentication process. In the same way, therefore, the SIM can be used in or in association with the data processing apparatus or computer so that the same form of authentication process can be carried out. In a case where the SIM is the SIM of a subscriber to a particular cellular telecommunications network, the authentication process can be carried out by that network.

It should be noted that the authentication process being described does not necessarily authenticate the human identity of the user. For example, cellular telecommunication networks have pre-pay subscribers who are issued with SIMs in return for pre-payment enabling them to make calls on the network. However, the identity of such pre-pay subscribers is not known (or not necessarily known) by the networks. Nevertheless, such a user cannot make use of the network until the network has authenticated that user's SIM—that is, has confirmed that such user is a particular user who has a particular pre-paid account with the network. The SIMs of such pre-paid users or subscribers could equally well be used (in the manner described) in or in association with data processing apparatus or computers, for the purposes of authenticating that user.

The SIM need not take the form of a physical (and removable) smart card but instead can be simulated by being embedded in the data processing apparatus or computer in the form of software or represented as a chip, for example.

It may be desirable to be able to change the authentication information on the SIM (or simulated SIM) to take account of changed circumstances. For example, the SIM may be a SIM registered with a particular cellular telecommunications network—a network applicable to the country or region where the data processing apparatus or computer is to be used. However, circumstances may arise (for example, the apparatus or the computer is physically moved to a different country or region) in which it is desirable or necessary to re-register the SIM with a different cellular telecommunications network. Ways in which this can be done are disclosed in our co-pending United Kingdom patent publications Nos. 2378094, 2378096 and 2378097 and in our corresponding PCT publications Nos. WO03/013174, WO03/013173 and WO03/013172. As described therein in more detail, a SIM (and thus also a simulated SIM) may be initially provided with authentication (and other) information relating to each of a plurality of networks, the information respective to the different networks being selectively activatable.

It is not necessary, however, for the users to be subscribers to a telecommunications network. Instead, they could be subscribers registered with some other centralised system which could then carry out the authentication process in the same way as in a telecommunications network. In such a case, the registration of a SIM (or simulated SIM) could be transferred from one such centralised system to another in the same manner as described above.

As described above, an aim of the authentication process is to facilitate a transaction between the data processing apparatus or computer and a third party. Where the authentication process is carried out by a telecommunications network, or by some other system, to which the user of the SIM is a subscriber, the satisfactory completion of the authentication process would then be communicated by that network or system to the third party—to enable the transaction to proceed.

For many transactions of the type described, a payment by the user to the third party may be involved. An arrangement as described above, in which the authentication process is carried out by a telecommunications network or other centralised system to which the user is a subscriber, advantageously facilitates the making of such payments and is particularly advantageous where (as may often be the case) the payment is for a small amount (for example, payment in return for receipt of information—e.g. weather or traffic information, or for temporary use of specific software); in such a case, the payment can be debited to the account of the subscriber held by the telecommunications network or other centralised system—and then, of course, passed on to the third party, perhaps after deduction of a handling charge.

The block diagram of FIG. 1 schematically illustrates one way of operating the method described above.

A Windows-based personal computer or PC 10 is shown (‘Windows’ is a trade mark). The PC 10 is adapted to receive a SIM shown diagrammatically at 12. The SIM may be removably fitted to the PC, for use in identifying a user (that is, the holder of the SIM) or may be fixed within the PC (for identifying the PC itself). The PC 10 incorporates transaction management software 14 which interacts with and controls some of the functions of the SIM.

Although an arrangement has been described where the PC 10 is adapted to receive a SIM, it should be appreciated that a smart card other than a SIM might be used, and this is in accordance with the invention. Further, rather than the SIM (or smartcard) being received by the PC—by being removably fitted to the PC or fixed within the PC—the SIM (or smartcard) could be associated with the PC in any way that allows communication between the SIM (or smartcard) and the PC 10. For example, the SIM (or smartcard) could be provided with a “dongle” (examples of which are described hereinafter in detail) which allows wired or wireless communication with the PC 10. Preferably, the communication between the SIM (or smartcard) and the PC 10 is secure. The communications may be encrypted, or any other means for secure communication may be employed.

Also shown in FIG. 1 is a cellular telephone network 16, such as the Vodafone (trade mark) network, and it is assumed that the SIM 12 is registered with the network 16.

The operation of the system shown in FIG. 1 will be explained in relation to the flow chart of FIG. 2.

At step A, the user of the PC 10 requests use of a particular application 17 on the PC. For example, the user might wish to view web pages containing specialised information which are encrypted and thus not generally available. In order to do this, the user requests a “session key”—that is, for example, permission to carry out a transaction involving time-limited use of the particular application. The request for the session key is addressed to the transaction manager 14. The transaction manager 14 then transmits identification information derived from the SIM 12 (an “I am here” message) to the security services part 18 of the network 16 (step B). In response to the “I am here” message, the network transmits a random challenge (step C) to the transaction manager 14, this challenge being based on information known to the network about the SIM 12.

The double-headed arrow 19 in FIG. 1 indicates schematically the two-way data communication between the PC 10 and the network 16. This data communication may be over any suitable communication medium. For example, the communication medium may be a fixed telephone network (such as the PSTN) or a wireless network. For example, the wireless network may be the same as the network 16 which provides security services 18, or may be another network. The data communication may be performed via the Internet. The data communication is preferably in a form that is secure and encrypted.

At step D, the transaction manager 14 transmits a response from SIM 12 to the challenge by providing an answer derived from the challenge and the key held on the SIM. The reply is checked by the security services part 18 of the network 16. Assuming that the response is satisfactory, the security services part 18 authenticates the user and confirms this to the transaction manager 14 (step E)—possibly by providing a populated Security Token. At the same time, the security services part 18 in the network transmits the session key (step F) to the application services part 22 of the network 16.

The transaction manager 14 also transmits the session key to the application 17 (step G).

In the embodiment described, the transaction manager facilitates the transfer of data to and from the SIM 12. There is no requirement for the transaction manager to be able to understand or interpret this data. The function of the transaction manager in the embodiment being described is to act as a conduit for the data being passed to and from the SIM 12.

The user can now make the request for the particular application (step H), accompanying this application request with the session key received at step G. The application request of step H is transmitted to an application services part 22 which may be part of the network 16 (as shown) or may be separate and controlled by a third party. At step I the application services part compares the session key received with the application request (step H) with the session key received at step F. Assuming that the result of this check is satisfactory, the application services part 22 now transmits acceptance of the application request (step J) to the PC 10, and the application now proceeds. The session key may allow time-limited use of the application server 22, a single use or infinite use—depending on the circumstances. The network can now debit the user's account with a charge for the session. There may be a communication link between the application services part 22 and the security services part 18 to allow data exchange between those parts—for example to allow the security services part 18 to arrange for the user's account with the network 16 to be debited.
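The SIM challenge-response described earlier and the FIG. 2 session-key exchange (steps A to J), modelled in Python as an added example that is not part of the patent: the SIM answers the network's random challenge with a keyed function of the challenge and Ki, the security services part hands the session key to both the transaction manager and the application services part, and the application is released only when the two copies of the key match. HMAC-SHA256 standing in for the SIM's authentication algorithm, the single-use session key, and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets


class Sim:
    """SIM 12: holds the secret key Ki and only ever releases responses, never Ki."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 stands in for the SIM's authentication algorithm (assumption).
        return hmac.new(self._ki, challenge, hashlib.sha256).digest()


class ApplicationServices:
    """Application services part 22: releases the application on a matching session key."""

    def __init__(self):
        self._keys = {}  # imsi -> session key received at step F

    def register(self, imsi: str, session_key: str) -> None:
        self._keys[imsi] = session_key

    def request(self, imsi: str, presented_key: str) -> bool:
        # Step I: compare the key sent with the request (step H) against the step F key.
        known = self._keys.get(imsi)
        if known is None or not hmac.compare_digest(known, presented_key):
            return False
        del self._keys[imsi]  # modelled as a single-use session key (assumption)
        return True


class SecurityServices:
    """Security services part 18: holds each subscriber's Ki and issues challenges."""

    def __init__(self, subscribers: dict, app_services: ApplicationServices):
        self._subscribers = subscribers  # imsi -> Ki, as registered with network 16
        self._pending = {}               # imsi -> outstanding random challenge
        self._app = app_services

    def challenge(self, imsi: str) -> bytes:
        # Step C: a fresh random challenge for every "I am here" message.
        rand = secrets.token_bytes(16)
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, response: bytes):
        # Steps D/E: recompute the expected reply and compare in constant time.
        rand = self._pending.pop(imsi, None)
        ki = self._subscribers.get(imsi)
        if rand is None or ki is None:
            return None
        expected = hmac.new(ki, rand, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        session_key = secrets.token_hex(16)
        self._app.register(imsi, session_key)  # step F
        return session_key


class TransactionManager:
    """Transaction manager 14: a conduit between the SIM and the network."""

    def __init__(self, sim: Sim, security: SecurityServices):
        self._sim = sim
        self._security = security

    def obtain_session_key(self):
        rand = self._security.challenge(self._sim.imsi)  # steps B/C
        return self._security.verify(self._sim.imsi, self._sim.respond(rand))  # steps D/E


def run_session(ki_on_sim: bytes, ki_at_network: bytes):
    """Return (authenticated, application_released) for one run of FIG. 2."""
    imsi = "constructed-imsi-001"  # constructed sample identifier
    app = ApplicationServices()
    security = SecurityServices({imsi: ki_at_network}, app)
    manager = TransactionManager(Sim(imsi, ki_on_sim), security)
    session_key = manager.obtain_session_key()  # steps A to E
    if session_key is None:
        return False, False
    released = app.request(imsi, session_key)   # steps H to J
    replayed = app.request(imsi, session_key)   # the same key again is refused
    return True, released and not replayed
```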

The foregoing is of course merely one simple example of an implementation of what has been described.

In an alternative arrangement, a data carrier may be provided with means for storing predetermined information such as in one of the forms described above—that is, a SIM or (more probably) software simulating a SIM. The simulated SIM is associated with data stored on the data carrier. The data carrier may, for example, be a DVD or CD ROM or some other similar data carrier, and the data thereon may be software or a suite of software.

The simulated SIM may be used to identify and authenticate the data (such as the software) on the data carrier. The simulated SIM will be registered with a telecommunications network or some other centralised system, in the same manner as described above. When the data carrier is placed in data processing apparatus such as a computer, for use therein, the SIM would be used to identify and authenticate the data carrier and the data stored thereon and (for example) could then permit the software to be downloaded for use in the computer. In this way, the SIM could be used subsequently to block further use of the software (for example, in another computer), or to allow the data to be used for only a predetermined number of times (whether in the same or in a different computer). If, for example, the data carrier (with its SIM) is placed in a computer which has also received a particular user's SIM then (a) the SIM on the data carrier can be used to identify and authenticate the software and (b) the SIM in or associated with the computer can be used to authenticate the user and could subsequently be used to enable a charge to be debited to that user as payment for use of the software.

The data stored on the data carrier with the SIM may, for example, be encrypted data. That encrypted data can only be decrypted using information provided by the SIM on the data carrier. In this way, the SIM on the data carrier may control use of the data stored on the data carrier. For example, the data carrier may be sold with a particular licence giving a user restricted rights to use the data on the data carrier. The user may be allowed to use the data for a predetermined time period or for a predetermined number of times. Each time the data is used it is decrypted using data stored on the SIM. A record in the SIM (or elsewhere) is maintained of the number of times that the data is decrypted. When the number of times that the data has been decrypted equals the number of times provided in the licence sold with the data carrier, the SIM prevents further use of the data by not decrypting the data. If the data is provided with a licence that lasts until a predetermined time, each time the SIM decrypts the data the SIM will check the current time (with reference to a suitable clock provided, for example, on the SIM, on the PC 10 or with reference to the network 16) so that decryption of the data is only performed up to the time specified in the licence sold with the data carrier.
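The licence-gated decryption just described, as an added example that is not part of the patent: a simulated SIM holds the content key and refuses to decrypt once the use count in the licence is reached or the licence period has ended, using a clock that can be supplied from the SIM, the PC or the network. The cipher (HMAC-SHA256 run in counter mode, chosen so the example needs only the standard library), the class and function names, and the sample data are assumptions.

```python
import hashlib
import hmac
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher (assumption).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class LicenceExhausted(Exception):
    """Raised when the simulated SIM refuses to decrypt."""


class CarrierSim:
    """Simulated SIM on the data carrier: holds the content key and enforces the licence."""

    def __init__(self, content_key: bytes, max_uses=None, expires_at=None, clock=time.time):
        self._key = content_key        # never leaves the SIM
        self._max_uses = max_uses      # licence: predetermined number of uses, or None
        self._expires_at = expires_at  # licence: predetermined end time (epoch seconds), or None
        self._clock = clock            # clock on the SIM, on the PC 10 or from the network 16
        self.uses = 0                  # the record of the number of decryptions

    def decrypt(self, nonce: bytes, ciphertext: bytes) -> bytes:
        if self._max_uses is not None and self.uses >= self._max_uses:
            raise LicenceExhausted("use count in licence reached")
        if self._expires_at is not None and self._clock() > self._expires_at:
            raise LicenceExhausted("licence period has ended")
        self.uses += 1
        # The same ciphertext is decrypted on every use, so one nonce per carrier is fine.
        return _xor(ciphertext, _keystream(self._key, nonce, len(ciphertext)))


def encrypt_for_carrier(content_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Done once by the publisher before the carrier is sold.
    return _xor(plaintext, _keystream(content_key, nonce, len(plaintext)))


def count_limited_demo():
    """Licence for two uses: returns (first_ok, second_ok, third_refused)."""
    key, nonce = b"constructed-content-key", b"carrier-1"  # constructed sample values
    ct = encrypt_for_carrier(key, nonce, b"licensed software image")
    sim = CarrierSim(key, max_uses=2)
    results = [sim.decrypt(nonce, ct) == b"licensed software image" for _ in range(2)]
    try:
        sim.decrypt(nonce, ct)
        results.append(False)
    except LicenceExhausted:
        results.append(True)
    return tuple(results)


def time_limited_demo():
    """Licence until t=100 on a fake clock: returns (ok_at_t50, refused_at_t101)."""
    key, nonce = b"constructed-content-key", b"carrier-2"  # constructed sample values
    ct = encrypt_for_carrier(key, nonce, b"film")
    now = [50]
    sim = CarrierSim(key, expires_at=100, clock=lambda: now[0])
    before = sim.decrypt(nonce, ct) == b"film"
    now[0] = 101
    try:
        sim.decrypt(nonce, ct)
        after_refused = False
    except LicenceExhausted:
        after_refused = True
    return before, after_refused
```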

Although a simulated SIM is described above, it is presently preferred that the SIM is implemented in hardware because this is more secure. The secret authentication data on a hardware SIM is inaccessible to unauthorised persons.

Rather than the PC 10 being adapted to receive a SIM 12, or a data carrier being modified to incorporate a SIM or software simulating a SIM, a separate device or “dongle” 30 may be provided for receiving the SIM 12, or for incorporating software simulating the SIM 12.

FIG. 3 shows a dongle 30 that allows data for authenticating a transaction (or for any other appropriate purpose) to be passed between the dongle 30 and the PC 10 and onwardly to/from the network 16.

The dongle 30 comprises a housing 32 having a slot for receiving a SIM 12. The housing 32 may be made of any suitable material. Preferably, this material is electrically insulating. For example, the housing may comprise laser activated resin or plastics.

Appropriate connectors (not shown) are provided within the housing 32 for allowing electronic exchange of data between the SIM 12 and the dongle 30. The dongle 30 further comprises a suitable connector 34 for allowing connection for data communication purposes to the PC 10. For example, the connector could be a USB connector, a Firewire 1394 connector or any other suitable connector. Of course, different configurations of the dongle may be provided. For example, the SIM 12 may be accommodated completely within the dongle 30, and may be removable from the dongle 30 by opening the housing 32, or the SIM 12 may be permanently sealed or encapsulated within the dongle casing 32. If the latter arrangement is provided, a user of the telecommunication system may be provided with a first SIM for use, for example, in their mobile telephone handset and may be provided with a dongle 30 which houses a separate SIM which is used for performing transactions via a PC 10. If desired, the telecommunications network will include a record indicating that the SIM within the user's mobile handset and the SIM within the user's dongle are commonly owned, and this information may be used to conveniently provide the user with a single account of charges incurred in respect of use of both the SIMs.

The dongle 30 is provided with a dongle interface driver 36 which controls communication with the PC 10. All communications from the PC 10 are routed via the dongle interface driver 36 and data stored on the SIM 12 cannot be accessed other than by using the dongle interface driver 36. A corresponding PC interface driver 38 is provided for the PC 10. The PC interface driver 38 may, for example, comprise a series of commands in the form of a computer programme which is loaded onto and run by the PC 10. The PC interface driver 38 may, for example, be provided by or under the control of the network 16. The PC interface driver 38 will therefore be “trusted” by the network 16 and will be configured to only allow access to the dongle 30 and consequently the SIM 12 in an approved manner which will not allow the security information present on the SIM 12 to be compromised.

To prevent, or to reduce, the likelihood of the PC interface driver 38 being replaced or bypassed by an alternative driver, which could compromise the security of the data on the SIM 12, the PC interface driver 38 and the dongle interface driver 36 are provided with respective shared secret keys 40, 42. Each communication from the PC interface driver 38 to the dongle 30 is encrypted using the shared secret key 40. All communications from the PC 10 to the dongle 30 are received by the dongle interface driver 36. The dongle interface driver 36 comprises processing means for decrypting received communications using its secret key 42. To enhance security, the dongle interface driver 36 will prevent all communications other than those encrypted using the shared secret key 40 from sending data to or receiving data from the SIM 12.

Therefore, the PC interface driver 38 controls and supervises access to the dongle 30 and the SIM 12 to reduce the likelihood of the data stored on the SIM 12 being compromised by unauthorised attempts to access the SIM 12.

Provided that a request for access to data on the SIM 12 is approved by the PC interface driver (according, for example, to criteria set by the network 16), and is therefore communicated to the dongle interface driver 36 with the appropriate key 40, a transaction can be authenticated using the SIM 12 in the manner described in relation to FIGS. 1 and 2.

Although the provision of shared secret keys 40, 42 is advantageous, it should be appreciated that the provision of shared secret keys 40, 42 is not essential to the invention.

In an alternative arrangement the PC interface driver 38 is not provided with a particular secret key 40. However, the dongle interface driver 36 is provided with a key 42. When the dongle 30 is coupled to the PC 10 the PC interface driver 38 detects that the dongle interface driver is provided with a key 42. The PC interface driver 38 may then obtain from the network 16 via communications link 19 a key that will allow data exchange between the PC interface driver 38 and the dongle interface driver 36 encrypted using the key 42. For example, the key 42 of the dongle interface driver 36 may be a private key and the key 40 provided to the PC interface driver by the network 16 may be a public key—the two keys being a public-private key pair. The keys provided by the network 16 are preferably not provided on request by any application. For example, the network 16 may be configured to only provide these keys to a trusted PC interface driver and/or after some authentication process.

Alternatively, the data transfer between the dongle interface driver 36 and the PC interface driver 38 may be not encrypted, or may be encrypted in a way that is common to many dongle interface drivers and PC interface drivers provided on different equipment, which has the advantage of allowing the dongle 30 to be used with a multiplicity of different PCs.

As an added security measure, communications between the PC interface driver 38 and the transaction manager 14 may be encrypted. For example, those parts may each have a shared secret key and communications between them may be encrypted using the shared secret key.

A further embodiment of the present invention will be described in relation to FIG. 4. According to FIG. 4, the dongle 30 has the SIM 12 accommodated completely within its housing 32, and the SIM cannot therefore be seen in the Figure. The dongle 30 has a connector 34 for connection to a PC 10 in a similar manner to the FIG. 3 embodiment. At the opposite end of the casing 32 an optional loop connector 44 may be provided to provide a convenient means for carrying the dongle 30 by attaching it to a user's keyring.

One face of the housing 32 has a variety of push buttons 46 mounted thereon, ten of which have respective numerals from 0 to 9 displayed thereon. In this embodiment, the dongle 30 includes means (such as software) for receiving the entry of a PIN number from a user by operating the appropriately designated push buttons 46, which is compared to the PIN number provided for and stored on the SIM 12. The SIMs used in the GSM telecommunications network are conventionally provided with such a PIN.

The housing 32 may further optionally provide a display 48 for prompting the user to enter their PIN number and/or for displaying the PIN number as it is entered, if desired. On entry of the PIN number using the push buttons 46, the entered PIN number is compared to the PIN number stored on the SIM. If the PINs are found to match, communication between the SIM and the PC 10 is permitted to authenticate one or more transactions. The comparison between the entered PIN number and the PIN number stored on the SIM 12 is performed within the dongle 30, and neither the entered PIN number nor the PIN number stored on the SIM is communicated to the PC 10. This prevents or reduces the likelihood that the PINs will become compromised by disclosure to an unauthorised party.
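The two gates on SIM access described for FIG. 3 (only traffic protected with the shared secret keys 40, 42 reaches the SIM) and FIG. 4 (the PIN is compared inside the dongle and never sent to the PC), modelled together in Python as an added example that is not part of the patent. An HMAC tag over each command stands in for the encryption with key 40 (rejecting unkeyed traffic is the property the dongle enforces), and the retry limit on wrong PINs, the command format and the sample values are assumptions.

```python
import hashlib
import hmac


class DongleInterfaceDriver:
    """Dongle interface driver 36: the only route to the SIM 12 (constructed model)."""

    def __init__(self, key_42: bytes, sim_ki: bytes, sim_pin: str, max_pin_tries: int = 3):
        self._key_42 = key_42            # shared secret key 42
        self._sim_ki = sim_ki            # Ki on the SIM; never leaves the dongle
        self._sim_pin = sim_pin          # PIN stored on the SIM; never sent to the PC
        self._max_tries = max_pin_tries  # retry limit is an assumption of this example
        self._tries_left = max_pin_tries
        self.pin_verified = False

    def enter_pin(self, entered: str) -> bool:
        """A PIN typed on keypad 46 is compared inside the dongle, in constant time."""
        if self._tries_left == 0:
            return False  # PIN blocked after too many wrong entries
        if hmac.compare_digest(entered.encode(), self._sim_pin.encode()):
            self.pin_verified = True
            self._tries_left = self._max_tries
            return True
        self._tries_left -= 1
        return False

    def handle(self, command: bytes, tag: bytes):
        """Serve a command only if its tag verifies under key 42 and the PIN is verified."""
        expected = hmac.new(self._key_42, command, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # not from the trusted PC interface driver 38: dropped
        if not self.pin_verified:
            return None  # SIM stays locked until the PIN has been entered
        if command.startswith(b"RESPOND:"):
            challenge = command[len(b"RESPOND:"):]
            # The SIM's reply to a network challenge (HMAC stands in for the SIM algorithm).
            return hmac.new(self._sim_ki, challenge, hashlib.sha256).digest()
        return None  # unknown command


class PcInterfaceDriver:
    """PC interface driver 38 holding key 40 (equal to key 42 in the shared-secret case)."""

    def __init__(self, key_40: bytes, dongle: DongleInterfaceDriver):
        self._key_40 = key_40
        self._dongle = dongle

    def sim_response(self, challenge: bytes):
        command = b"RESPOND:" + challenge
        tag = hmac.new(self._key_40, command, hashlib.sha256).digest()
        return self._dongle.handle(command, tag)


def access_demo():
    """Return (before_pin, after_pin, wrong_key): None, a 32-byte SIM reply, None."""
    key = b"constructed-shared-secret"  # constructed sample value
    dongle = DongleInterfaceDriver(key, sim_ki=b"constructed-ki", sim_pin="1234")
    trusted = PcInterfaceDriver(key, dongle)
    replacement = PcInterfaceDriver(b"some-other-key", dongle)  # driver without key 40
    challenge = b"\x01" * 16
    before_pin = trusted.sim_response(challenge)  # refused: PIN not yet entered
    dongle.enter_pin("0000")                      # wrong PIN, rejected inside the dongle
    dongle.enter_pin("1234")
    after_pin = trusted.sim_response(challenge)   # served
    wrong_key = replacement.sim_response(challenge)  # refused: tag does not verify
    return before_pin, after_pin, wrong_key


def lockout_demo() -> bool:
    """Three wrong PINs block the SIM; the right PIN no longer unlocks it."""
    dongle = DongleInterfaceDriver(b"constructed-shared-secret", b"constructed-ki", "1234")
    for _ in range(3):
        dongle.enter_pin("9999")
    return dongle.enter_pin("1234") is False and not dongle.pin_verified
```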

To allow entry of the PIN the dongle 30 requires a power supply. Power can be provided by the PC 10. Advantageously, the PIN entry arrangement has its own temporary power supply which allows the PIN to be entered and verified. Subsequently, the power supply is interrupted and the PIN data is lost. This is an additional security feature, and is described in more detail below.

The PIN entry comparison arrangement of FIG. 4 may be provided in addition to or as an alternative to the interface drivers 36, 38 and shared secret keys 40, 42 of the arrangement shown in FIG. 3.

It should be appreciated that as an alternative to push buttons 46, other means could be provided for allowing PIN entry. Alternatively, the user could be authorised to use the SIM by obtaining some other security information from the user and comparing this with data stored on the SIM 12. For example, the data obtained could be the user's fingerprint or some other characteristic which is unlikely to re-occur on another person—for example, any suitable biometric data. The details of the fingerprint (or other information) are stored on the SIM for comparison with the input data representing the characteristics.

As an additional security feature in the FIG. 4 embodiment, a display may be provided which displays the name of the application or organisation which requests information from the SIM 12. This would allow the user to monitor requests being made to his SIM 12.

If the respective interface drivers 36, 38 and shared secret keys 40, 42 described in relation to FIG. 3 are used in a system which also includes the PIN entry and comparison arrangement described in relation to FIG. 4, to provide an added level of security, the dongle 30 can be programmed to display the name of the application or organisation requesting data from the SIM 12 and may then prompt the user to approve the supply of data for each or selected applications/organisations by entering the user's PIN using keypad 46. As an alternative to entering a PIN, the user could be prompted to activate a “confirm transaction” button or the like.

The dongle 30 may be used to facilitate transactions with data processing apparatus other than PCs. For example, a user having an account with network 16 and being provided with a dongle 30 can insert the connector 34 into an appropriately configured slot in a parking meter which is connectable to the network 16. The SIM 12 contained within the dongle 30 is authenticated in the manner described above using a transaction manager provided within the parking meter. By this means, payment for parking can be made by deducting an appropriate amount from the user's account with the network 16. Advantageously, the dongle 30 will be provided with push buttons 46 and the dongle will prompt the user to enter a PIN which is compared to the PIN stored on the SIM so that the dongle 30 cannot be used by an unauthorised party. The dongle could be programmed to allow the push buttons 46, under control of the parking meter, to allow entry of data relevant to the transaction—for example, the length of time for which the parking space is required.

The dongle 30 could, for example, also be used in a similar way with anappropriately configured DVD player to allow a film to be viewed onpayment of a fee deducted from the user's account with the network 16.The system may be arranged to allow the dongle 30 to operate as a key ina digital rights management scheme, as described in our co-pendingpatent application entitled “Data Processing” filed on even date withthe present application. The dongle could also allow products to bepurchased from an appropriately configured vending machine or tickets tobe purchased from an appropriately configured ticketing machine. Suchmachines will include a processor so that the functions corresponding tothose performed by the transaction manager 14 of the PC 10 can beperformed by the machines.

In the above description it has been indicated that the SIM used to authenticate the transaction could have the form of a conventional SIM which is either inserted in an appropriate slot within the PC 10 or in the dongle 30 (if provided). This could simply be the SIM that a subscriber to a mobile network uses in their conventional mobile terminal to make and receive calls. Alternatively, the SIM 12 could be embedded within the PC 10 or the dongle 30 (such that it cannot be readily removed or cannot be removed at all). Further alternatively, the SIM may not have a separate physical form, but may be simulated by means of software and/or hardware within the PC 10 or the dongle 30. The SIM could be simulated or incorporated into the chip set of the PC 10. For example, the SIM could be incorporated or simulated within the central processor unit of the PC 10. Such an arrangement prevents the SIM (or simulated SIM) being removed from the PC 10 (other than by rendering the PC 10 useless).

If the SIM is of a form that is not readily removable from the PC 10 or dongle 30, a subscriber to the telecommunications system may be provided with a second SIM for use, for example, in their mobile telephone handset.

If, however, the same SIM is used (in the PC 10 or the dongle 30) to authenticate transactions and for use in the conventional manner with the telecommunications network (for example, to make and receive calls using a mobile telephone), the same data may be used to provide authentication of transactions as is used to authenticate the SIM with the mobile telephone network when a call is being made. Alternatively, the SIM may have separate records for performing each authentication type. There may be a first record containing data and/or algorithms for use in authenticating transactions, and a second, separate record for use in the conventional manner for authenticating the terminal with the telecommunications network. The first and second records may have respective authentication keys, unique identifiers to the telecommunications network and/or unique authentication algorithms.

The first record may itself comprise a series of separate records, each registered with the telecommunication network, for allowing transactions authenticated under the control of the separate records to be recognised and billed separately. This is now described in more detail in relation to FIG. 5. In FIG. 5, the dongle 30 may contain a plurality of SIMs 12, or may have a plurality of SIMs simulated within the dongle. Alternatively, rather than a plurality of complete SIMs being provided or simulated, a plurality of different records could be stored on the dongle 30. Whether a plurality of SIMs is provided, a plurality of simulated SIMs is provided or a plurality of alternative records is provided, these can be regarded as respective unique data records which are identifiable to the telecommunications network.

Such an arrangement may be desirable, for example, when a user or subscriber wishes to use their dongle 30 in multiple environments. When the user or subscriber is performing duties for their employer, the dongle 30 will activate the data record associated with the employer. Transactions authorised using that data record will, where appropriate, result in a charge being made to the employer's account. When the user or subscriber is not performing duties for their employer, the personal data record is then activated. Transactions authenticated using the dongle 30 will result in a charge being deducted from the user's personal account. This allows transactions performed by the user or subscriber in a personal capacity to be separated from those performed on behalf of his employer. The mode of the dongle 30 (that is, whether the data record for the employer or the personal data records are activated) may be controlled by a mode switch 50 provided on the dongle 30, or the mode may be altered using software provided in the transaction manager 14 or PC interface driver 38 running on the PC 10. When instructed by the user, the software would cause appropriate signals to be sent to the dongle 30 to change the active SIM, simulated SIM or data record.

As an added security measure, the dongle may require the subscriber to enter a PIN (or provide other data) in order to activate different modes of the SIM (e.g. “employee” mode or “personal” mode). A different PIN could be required to activate each mode.

The dongle 30 thus far described has a physical connector 34 (such as a USB connector) to enable data communication with a PC 10. As an alternative to a physical connector 34, a wireless link between the dongle 30 and the PC 10 may be provided. Data exchange may take place, for example, by using near field techniques, using Bluetooth technology, by infra-red signalling or any other suitable means.

Rather than a separate dongle 30 being provided, a user's SIM may be located in a mobile terminal (such as a mobile telephone handset) in the conventional way. The SIM may authenticate transactions with the PC 10 by suitable data exchange between the mobile terminal and the PC 10. This could be achieved by providing the mobile terminal with a physical connector (such as a USB connector) to connect to the PC 10 when authorisation of a transaction is required, or could be done by any of the wireless techniques described above. Preferably, this communication is encrypted or made secure in some other way. If the SIM is provided with separate data records for conventional mobile telecommunications purposes and for authorising transactions, it may be possible to simultaneously make a telephone call, for example, with the telecommunications network and authenticate a transaction with the PC 10. The mobile terminal may conveniently provide the communication link between the PC 10 and the network 16. The coupling of the mobile terminal to the PC 10 therefore in this arrangement not only allows authentication of transactions but also conveniently provides a communication medium between the PC 10 and the network 16. In an alternative arrangement, the mobile terminal still provides communication over a mobile telecommunications network, but this is different to the network 16.

The dongle 30 may also perform the functions of a conventional data card for use with a PC (or other computing device). With this arrangement, the dongle will be of a suitable size and will include suitable connectors for allowing it to operate as a data card, in addition to the dongle having the functions described above.

A further enhanced embodiment of an arrangement for authorising a transaction will now be described with reference to FIG. 6 and the flow chart shown in FIGS. 7A, 7B and 7C.

A client platform, such as PC 10, includes a transaction manager 14. A dongle 30 having a SIM 12 therein is provided and communication between the dongle 30 and the transaction manager 14 is performed via connection 34 (which may be a wired or wireless connection). In this embodiment the transaction manager 14 incorporates the PC interface driver 38 shown in FIG. 3, and therefore the PC interface driver is not shown as a separate item in FIG. 6. Similarly, the dongle 30 incorporates the dongle interface driver shown at 36 in FIG. 3, and therefore a separate dongle interface driver is not shown in FIG. 6.

The PC 10 may, for example, use the Windows (RTM) operating system.

A plurality of client applications 17 are provided on the PC 10, which allow the user to obtain services from respective remote service providers 22. It should be understood that by “remote” it is not intended to imply that there must be a particular geographical distance between the PC 10 and the service providers 22. However, generally the service providers 22 will be controlled independently of the PC 10—although this is not essential.

In this embodiment a mobile telecommunication network 16 provides network services 100, such as SMS, MMS, location based services, etc. The network 16 also provides an authentication service 102 and a payment service 104. However, it should be understood that the network may be any type of network—the invention is not restricted to mobile telecommunication networks. For example, the authentication service 102 and payment service 104 may be provided in a computer that is linked to PC 10 by a local area network, a wide area network and/or the Internet.

When the subscriber wishes to use a service provided by a remote service provider 22 (step A of the flow chart shown in FIG. 7A), the subscriber couples their SIM 12 to the PC 10 by inserting their dongle 30 containing the SIM 12 into the appropriate connecting slot of the PC 10 or using a wireless link (step B). The subscriber then activates on the PC 10 the relevant client application 17 to obtain a required service (step C). For example, the client application 17 could be special software provided by or under control of a service provider 22 for installation on the subscriber's PC 10. Alternatively, a client application 17 might be a web browser for visiting an appropriate web site of the service provider 22.

To illustrate the operation of the system shown in FIG. 6, an example will be given for a subscriber wishing to purchase a particular CD from a vendor which is a service provider 22. Using a graphical user interface present on the PC 10 the subscriber launches web browser software provided on the PC 10 and, via the Internet, accesses the web site of the service provider 22. The web browser software constitutes the client application 17, and allows access to the web site associated with the service provider 22 which distributes CDs.

Data communication between the client application 17 and the service provider 22 may be by a fixed network (e.g. PSTN) or by a wireless network—such as the network 16 or another mobile telecommunications network.

The facility for the subscriber to login to the web site may be provided. Advantageously, service providers approved by the network 16 may allow subscribers to register a “pseudonym” with the service provider. The pseudonym has associated with it certain data that the subscriber may wish to use when obtaining service from the service provider. This data is stored by the network 16. The data is not permanently stored by the service provider (although of course the service provider maintains a list of pseudonyms associated with subscribers of the network 16)—for example with reference to the subscriber's SIM identifier.

The Authentication Service may allow a Service Provider to store Pseudonym data against a SIM—with the subscriber's permission. The Pseudonym data will be stored centrally and may be distributed to the SIM by the Authentication Service supplier.

An example of the information that the network 16 holds for a subscriber (subscriber A) is set out below.

DATA FOR SUBSCRIBER A

-   SIM IDENTIFIER(S)
-   MSISDN(S)
-   PSEUDONYMS
    -   FOR Service Provider A: NAME, ADDRESS, PREFERENCES, BANK ACCOUNT DETAILS
    -   FOR Service Provider B: NAME, ADDRESS, PREFERENCES, BANK ACCOUNT DETAILS
    -   FOR Service Provider C: NAME, ADDRESS, PREFERENCES, BANK ACCOUNT DETAILS

As well as the network 16 storing the data relating to a subscriber's SIM and their MSISDN, the network 16 also includes a list of pseudonyms that the subscriber has established with various service providers (service providers A, B, C, . . . ). The information stored for any particular service provider may be different, and will depend upon what information the service provider might usefully require from the subscriber and upon the information that the subscriber is willing to provide to the service provider. In the example shown, the pseudonym might include details of the name and address of the subscriber and any preferences that they may have relating to the particular service. In the example of a subscriber wishing to purchase a CD from service provider 22, this might include the subscriber's preference for a particular type of music, allowing the service provider to tailor its service, perhaps to offer the subscriber CDs relating to a type of music that the subscriber prefers.

When the user accesses the web site, the service provider 22 will cause the subscriber as part of the login procedure to be prompted, using the web browser, to enter a “pseudonym” which that subscriber may have previously registered with the service provider 22 (step D). If a pseudonym has been previously registered by that subscriber with the service provider 22, the subscriber enters their pseudonym and this is sent by the client application 17 (step E) to the service provider 22. The service provider 22, by means of link 106 (FIG. 6), then transmits this pseudonym to the authentication service 102 of the network 16. The authentication service 102 then determines whether the pseudonym is valid as far as the network 16 is concerned, and if it is determined to be valid, the network transmits details stored thereby that are associated with that pseudonym to the service provider 22 (step F).

If no pseudonym exists, the subscriber then enters the details required by the service provider 22 (such as their name and address)—step G.

At this point the service provider 22 may prompt the subscriber to ask whether they would like to set up a pseudonym for use with that service provider. If the subscriber wishes to set up a pseudonym with that service provider, the service provider then requests relevant information from the subscriber, such as their name, address, music preference details and the like. Some of this information may be essential to set up a pseudonym (such as the subscriber's name and address), whereas other data may be optional (such as the subscriber's music preferences). It is considered advantageous that the subscriber can select which information is provided to the service provider for use in their pseudonym, and also advantageous that a pseudonym is for use with a particular service provider only. When the data for establishing the pseudonym has been entered, this information is passed via the link 106 to the authentication service 102 of the network 16. The pseudonym is stored by the service provider 22 but the data associated with that pseudonym is not permanently stored by the service provider 22 (that information is provided on request to the service provider 22 by the authentication service 102 of the network 16).

It is important to note that the service provider 22 only has access to data associated with the particular pseudonym that the subscriber uses in relation to that service provider. The separate records associated with pseudonyms for other service providers are stored separately by the network 16. This is advantageous because, for example, a subscriber may be willing for personal medical data to be associated with a pseudonym that that subscriber uses when obtaining services from their physician but would not wish this information to be made available to other service providers.
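The pseudonym store described in the preceding paragraphs, modelled as an added example that is not code from the patent: each pseudonym is bound to one service provider, the subscriber chooses which fields to share (subject to the provider's essential fields), and a provider can resolve only pseudonyms registered for it. Class and field names, the SIM identifier and all subscriber data are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SubscriberRecord:
    """What the network 16 holds for one subscriber (cf. the table for subscriber A)."""
    sim_identifier: str
    msisdn: str
    # (service provider, pseudonym) -> only the fields the subscriber agreed to share
    pseudonyms: Dict[Tuple[str, str], Dict[str, str]] = field(default_factory=dict)


class PseudonymStore:
    """Authentication service 102 side: pseudonym data kept centrally, per service provider."""

    def __init__(self) -> None:
        self.subscribers: Dict[str, SubscriberRecord] = {}

    def register_pseudonym(self, sim_identifier: str, service_provider: str, pseudonym: str,
                           offered: Dict[str, str], shared: List[str], required: List[str]) -> None:
        """Store the subscriber-selected fields; the provider's essential fields must be among them."""
        missing = [name for name in required if name not in shared]
        if missing:
            raise ValueError(f"fields required by {service_provider} not shared: {missing}")
        record = self.subscribers[sim_identifier]
        key = (service_provider, pseudonym)
        if key in record.pseudonyms:
            raise ValueError("pseudonym already registered with this service provider")
        record.pseudonyms[key] = {name: offered[name] for name in shared}

    def resolve_pseudonym(self, service_provider: str, pseudonym: str) -> Optional[Dict[str, str]]:
        """Step F: release the data behind a pseudonym, but only the record registered for the
        requesting service provider; records held for other providers are not reachable this way."""
        for record in self.subscribers.values():
            data = record.pseudonyms.get((service_provider, pseudonym))
            if data is not None:
                return dict(data)
        return None


def run_pseudonym_demo() -> dict:
    """Constructed subscriber A with a CD-vendor pseudonym and a physician pseudonym."""
    store = PseudonymStore()
    store.subscribers["SIM-A"] = SubscriberRecord("SIM-A", "+44-0000-000000")
    offered = {"name": "Subscriber A", "address": "1 Example Street",
               "music_preference": "jazz", "medical_history": "constructed note"}
    store.register_pseudonym("SIM-A", "cd-vendor", "jazzfan", offered,
                             shared=["name", "address", "music_preference"], required=["name", "address"])
    store.register_pseudonym("SIM-A", "physician", "patient-7", offered,
                             shared=["name", "medical_history"], required=["name"])
    try:   # a pseudonym that withholds an essential field is refused
        store.register_pseudonym("SIM-A", "cd-vendor", "anon", offered,
                                 shared=["music_preference"], required=["name", "address"])
        refused = False
    except ValueError:
        refused = True
    return {"cd_vendor_view": store.resolve_pseudonym("cd-vendor", "jazzfan"),
            "physician_view": store.resolve_pseudonym("physician", "patient-7"),
            "cross_provider": store.resolve_pseudonym("cd-vendor", "patient-7"),
            "missing_required_refused": refused}
```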

The subscriber searches the web site to identify the CD that the subscriber wishes to purchase. When the CD required by the subscriber is identified, the subscriber causes the client application 17 to send a request for service message to the service provider 22 (step H)—for example by making a mouse click on a “purchase CD” button provided by the web site. The message includes data identifying the CD required and data identifying the subscriber (such as the subscriber's SIM identifier), including a field indicating that the subscriber has installed on their PC a transaction manager 14 which can authenticate a transaction by means of the subscriber's SIM 12.

At this stage in the transaction, the service provider 22 has been provided with certain details of the subscriber, including the subscriber's name, address and the CD that they wish to order. This information might be provided by somebody who is not truly the subscriber. To authenticate the transaction the service provider 22 constructs a service context S_(C) (step I). The service context is a data packet including the following fields:

-   An identifier of the service provider 22
-   The subscriber's name (or other identifier such as a SIM identifier)
-   Details of the transaction to be authenticated (in this case the purchase of a CD)

Additional or alternative information may of course also be provided.

The service context S_(C) is sent via the Internet to the client application 17. The client application 17 passes the service context S_(C) to the transaction manager 14 (step J). The client application 17 may add its own identifier to the service context S_(C) to allow the network 16 to determine from which client application the transaction is derived.

The transaction manager 14 analyses the service context and establishes that a request for authentication of the transaction by the network 16 is required. The transaction manager detects whether the subscriber's dongle 30 containing their SIM 12 is present (step K). If the dongle 30 is not present, the user is prompted to make their dongle available. The transaction manager 14 may also display a description of the transaction to be authenticated—and the subscriber can be provided with the option to approve or disapprove the transaction. Assuming the dongle is present and the transaction is approved by the subscriber, the transaction manager 14 then sends a request to the authentication service 102 of the network 16 for a security token S_(X) (step L). The request sent to the authentication service 102 includes the service context S_(C). That data may be transmitted over any suitable network. The data may be transmitted via the Internet. The data may be transmitted over a fixed telephone network, or over the mobile or cellular infrastructure of telecommunications network 16.

The dongle 30 may include means for allowing a PIN or biometric data to be entered as described above in relation to FIG. 4. If the subscriber is prompted to enter their PIN, or provide other data, prior to authentication of a transaction, this provides an added level of security. The transaction manager 14 and/or SIM 12 may store a list of trusted client applications 17. These applications may be provided with a key (or other identifying data). For the trusted applications, the transaction manager and SIM may be configured to accept the key rather than requiring the subscriber to enter their PIN.

As an additional security feature, the dongle may be provided with a screen which displays the name of the application or organisation which requests information from the SIM 12, as described in relation to the FIGS. 3 and 4 embodiment. This would allow the user to monitor requests being made to his SIM 12. The dongle 30 can be programmed to display the name of the application or organisation requesting data from the SIM 12 and may then prompt the user to approve the supply of data for each or selected applications/organisations by entering the user's PIN using a keypad, or by providing other identifying data.

The subscriber will thereafter be authenticated by the authentication service 102 performing a challenge and response session with the SIM (by sending data via the transaction manager 14)—step M. For example, the authentication service 102 will send a random challenge to the transaction manager 14, which is transmitted to the SIM. The SIM responds by encrypting the random challenge using both an authentication algorithm and a unique key Ki resident within the SIM and assigned to that particular subscriber. The response is transmitted by the transaction manager to the authentication service 102. The authentication service 102 analyses the response to determine whether it is the response that would be expected from that subscriber's SIM. If the response is as expected, then the authentication service 102 issues a security token S_(X) and sends this to the transaction manager (step N). The transaction manager 14 itself need not understand the data exchanged during the challenge and response procedure—it merely acts as a conduit for this data.

As described in relation to FIG. 3, to prevent, or to reduce, the likelihood of the transaction manager 14 being replaced or bypassed by an alternative application, which could compromise the security of the data on the SIM 12, the transaction manager 14 and the dongle interface driver may be provided with respective shared secret keys. Each communication from the transaction manager 14 to the dongle 30 is then encrypted using the shared secret key 40. All communications from the PC 10 to the dongle 30 are received by the dongle interface driver. The dongle interface driver comprises processing means for decrypting received communications using its secret key. To enhance security, the dongle interface driver will prevent all communications other than those encrypted using the shared secret key from sending data to or receiving data from the SIM 12.

Therefore, the transaction manager 14 controls and supervises access to the dongle 30 and the SIM 12 to reduce the likelihood of the data stored on the SIM 12 being compromised by unauthorised attempts to access the SIM 12.

However, it should be appreciated that the use of such shared secret keys is not essential.
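The dongle-side gate described above (the shared secret key between transaction manager 14 and dongle interface driver, the trusted application keys, and the display of the requesting application), as an added example that is not code from the patent. The shared key is used here to tag each command with an HMAC rather than to encrypt it, so the block stays standard-library only; the key values, PIN and application names are constructed.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, List, Optional

SHARED_SECRET_KEY = os.urandom(32)   # keys 40/42, provisioned to both sides (constructed)


def build_command(key: bytes, requester: str, command: str, app_key: Optional[str] = None) -> bytes:
    """Transaction manager 14 side: wrap a command for the dongle and tag it with the
    shared secret key, so the dongle can tell it came through the transaction manager."""
    body = json.dumps({"requester": requester, "command": command, "app_key": app_key}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class DongleInterfaceDriver:
    """Dongle interface driver 36: gates every command before it reaches the SIM 12."""

    def __init__(self, key: bytes, sim_pin: str, trusted_app_keys: Dict[str, str]) -> None:
        self._key, self._sim_pin, self._trusted = key, sim_pin, trusted_app_keys
        self.display: List[str] = []          # what the dongle's screen would show

    def handle(self, wire: bytes, pin_entered: Optional[str] = None) -> dict:
        body, _, tag = wire.rpartition(b".")
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            # anything not tagged with the shared key never reaches the SIM
            return {"status": "rejected", "reason": "not from transaction manager"}
        msg = json.loads(body)
        self.display.append(f"Request from: {msg['requester']}")   # user can monitor requests
        app_key = msg.get("app_key") or ""
        trusted = hmac.compare_digest(self._trusted.get(msg["requester"], ""), app_key) and app_key != ""
        if not trusted and pin_entered != self._sim_pin:
            return {"status": "rejected", "reason": "PIN required for this requester"}
        return {"status": "ok", "sim_result": f"SIM processed '{msg['command']}'"}


def run_dongle_checks() -> tuple:
    """Four constructed commands: trusted app, unknown app without and with PIN, and a
    command from a replacement application that does not hold the shared key."""
    driver = DongleInterfaceDriver(SHARED_SECRET_KEY, sim_pin="1234",
                                   trusted_app_keys={"cd-vendor-client": "constructed-app-key"})
    results = {}
    trusted = build_command(SHARED_SECRET_KEY, "cd-vendor-client", "authenticate", "constructed-app-key")
    results["trusted_app"] = driver.handle(trusted)                         # key accepted, no PIN
    unknown = build_command(SHARED_SECRET_KEY, "unknown-app", "authenticate")
    results["unknown_app_no_pin"] = driver.handle(unknown)                  # PIN demanded
    results["unknown_app_with_pin"] = driver.handle(unknown, pin_entered="1234")
    replaced = build_command(os.urandom(32), "unknown-app", "authenticate")  # wrong key
    results["replacement_app"] = driver.handle(replaced, pin_entered="1234")
    return results, list(driver.display)
```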

If a payment for the transaction is required, details of the required payment are included in the service context S_(C). This information is extracted from the service context S_(C) by the authentication service 102. The authentication service 102 then sends a message to the payment service 104 via link 105 which reserves funds in the subscriber's account with the network 16. It is important to note that no payment is made, or authorised, at this stage. However, the payment service 104 is aware that a payment is likely to be required imminently, and appropriate funds are reserved in the user's account for that transaction.

The security token is a data packet which includes the Security Token S_(X) and the following fields:

-   subscriber's identity—such as a SIM identifier
-   an indication of the service provider 22 identity
-   an indication of the service that has been authenticated—in this example the order of a particular CD
-   an indication of the authentication service 102 identity
-   an indication of which payment service should be used (if payment is required)

Other fields may be provided additionally or alternatively, depending on the circumstances.

The security token S_(X) is passed to the client application 17 (step O).

The client application 17 then passes the security token to the service provider 22 (step P).

The security token S_(X) includes data specific to a particular subscriber and a particular transaction with the service provider 22. Numerous transactions may be handled by the network 16, transaction manager 14 and service provider 22 in parallel. These will be distinguishable from one another by virtue of the data specific to a particular transaction with the service provider 22 in the security token S_(X).

If the security token S_(X) is intercepted as it passes between the network 16 and the transaction manager 14, or between the client application 17 and the service provider 22, it will have no value to the interceptor. The security token S_(X) is specific to a particular transaction with the service provider 22, and the provision of a service to a particular subscriber.

On receipt of the security token S_(X) by the service provider 22 its content is analysed and, if it is established that it corresponds to a service context S_(C) issued by the service provider 22, the service provider 22 may assume that the request for service (order of a CD) is legitimately made by the subscriber. The service provider 22 could present the security token S_(X) to the authentication service 102 to check the validity of the token. The authentication service 102 then checks the integrity of the security token S_(X) and validates the content of the security token S_(X). The authentication service 102 then sends a response to the service provider 22 indicating that the security token S_(X) is valid. Alternatively, the authentication service 102 may send data to the service provider 22 that allows the service provider 22 itself to determine the integrity and validity of the security token S_(X).

The service provider 22 then determines whether a payment needs to be made (step Q). If no payment is required the CD can then be despatched. However, if a payment is required, the service provider 22 then generates a payment context P_(C) which includes the following fields:

-   the security token S_(X)
-   the amount of the payment requested

Of course, further or additional fields may be required in accordance with the circumstances.

The payment context P_(C) is sent to the client application 17 (step R). The client application passes the payment context P_(C) to the transaction manager 14 (step S).

The transaction manager 14 then sends the payment context P_(C) to the payment service 104 of the network 16 (step T). The payment context P_(C) is analysed by the payment service 104. The presence of the security token S_(X) in the payment context indicates to the payment service that this is a genuine request for payment associated with the subscriber indicated by the security token S_(X), and the payment service then consults the subscriber's account with the network 16 to determine that the payment can be authorised (which might depend on the subscriber's credit rating and/or payment history with the network 16 and/or the status of their pre-pay amount) and, if appropriate, authorises the payment by issuing a payment token P_(X) (step U).

The transaction manager 14 then sends the payment token P_(X) to the client application 17 (step V). The client application 17 then sends the payment token P_(X) to the service provider 22 (step W). The service provider 22 then uses the payment token P_(X) to obtain payment from the payment service 104 of the network 16 (step X). To do this the service provider 22 transmits the payment token P_(X) to the payment service 104 via link 108. The payment service analyses the payment token P_(X) and recognises that this is a payment token that has been legitimately issued by the payment service to the transaction manager 14, and then makes the appropriate adjustment to the subscriber's account with the network 16.

Advantageously, if the user has a pseudonym associated with the service provider 22, the service provider 22 may update that pseudonym on the basis of any new information learnt about the subscriber from the transaction—for example, a change in music taste.

The communications between the PC 10 and the network 16 are preferably encrypted, as described above. It is also preferable for communications between the components within the PC 10 and within the network 16 to be encrypted—for example by use of shared keys.

In the arrangement described above, the subscriber is authenticated only when they wish to purchase a CD. In an alternative arrangement, the subscriber may be authenticated when they log onto the web site. The service provider will then have a security token S_(X) relating to that subscriber's session with the web site. When the subscriber wishes to make a purchase, the security token S_(X) is sent to the authentication service 102. The authentication service 102, depending on the value of the purchase, for example, may either validate the security token S_(X) or require the service provider 22 to obtain a further security token via the client application 17 and transaction manager 14 in the manner described above. Any pseudonym data relating to that subscriber and for that service provider 22 can be provided to the service provider 22 upon authentication of the subscriber.

The security token S_(X) may be valid for a limited time period. The SIM is advantageously provided with means for accurately determining the true time—for example with a tamper-resistant internal clock, a clock provided by the PC 10, or a time indication from the network 16 (which will be a “trusted” time).
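The FIG. 7 message flow from the service context S_(C) through the security token S_(X) and payment context P_(C) to the payment token P_(X), including the limited validity period just mentioned, as an added runnable example that is not code from the patent. HMAC-SHA256 stands in for the SIM's authentication algorithm with Ki and for the issuers' integrity checks; single-use payment tokens and the key, identifier and amount values are assumptions of this example.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

def mac(key: bytes, fields: dict) -> str:
    """Integrity tag over token fields; stands in for the issuer's own integrity check."""
    return hmac.new(key, json.dumps(fields, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class SIM:
    """SIM 12: holds Ki and answers challenges; the transaction manager 14 is only a conduit."""
    def __init__(self, sim_id: str, ki: bytes):
        self.sim_id, self._ki = sim_id, ki

    def respond(self, challenge: bytes) -> str:
        return hmac.new(self._ki, challenge, hashlib.sha256).hexdigest()  # stand-in for the SIM algorithm


class PaymentService:
    """Service 104: reserves funds (link 105), issues P_X (step U), settles on redemption (step X)."""
    def __init__(self):
        self.accounts, self.reserved = {}, {}
        self._key, self._redeemed = os.urandom(32), set()

    def reserve(self, sim_id: str, amount: int) -> None:
        self.reserved[sim_id] = self.reserved.get(sim_id, 0) + amount

    def issue_payment_token(self, p_c: dict, auth, now: float) -> Optional[dict]:
        s_x = p_c["security_token"]
        if not auth.validate(s_x, now):          # S_X in P_C marks a genuine request
            return None
        sim_id, amount = s_x["fields"]["subscriber"], p_c["amount"]
        if self.accounts.get(sim_id, 0) < amount:  # subscriber's account status
            return None
        fields = {"subscriber": sim_id, "payee": s_x["fields"]["service_provider"],
                  "amount": amount, "nonce": os.urandom(8).hex()}
        return {"fields": fields, "mac": mac(self._key, fields)}

    def redeem(self, service_provider: str, p_x: dict) -> bool:
        f = p_x["fields"]
        if not hmac.compare_digest(mac(self._key, f), p_x["mac"]):
            return False                         # not issued by this payment service
        if f["payee"] != service_provider or f["nonce"] in self._redeemed:
            return False                         # wrong payee, or already settled (assumed single-use)
        self._redeemed.add(f["nonce"])
        self.accounts[f["subscriber"]] -= f["amount"]
        self.reserved[f["subscriber"]] -= f["amount"]
        return True


class AuthenticationService:
    """Service 102: challenge/response with the SIM (step M), then issues S_X (step N)."""
    def __init__(self, payment: PaymentService, subscribers: dict, lifetime: float):
        self._payment, self._ki, self._lifetime = payment, subscribers, lifetime
        self._key = os.urandom(32)

    def issue_security_token(self, s_c: dict, sim: SIM, now: float) -> Optional[dict]:
        ki, challenge = self._ki.get(s_c["subscriber"]), os.urandom(16)
        expected = hmac.new(ki, challenge, hashlib.sha256).hexdigest() if ki else ""
        if not hmac.compare_digest(sim.respond(challenge), expected):
            return None
        if s_c.get("amount"):                    # reserve only; no payment is made yet
            self._payment.reserve(s_c["subscriber"], s_c["amount"])
        fields = {"subscriber": s_c["subscriber"], "service_provider": s_c["service_provider"],
                  "service": s_c["service"], "auth_service": "102", "payment_service": "104",
                  "expires": now + self._lifetime}
        return {"fields": fields, "mac": mac(self._key, fields)}

    def validate(self, s_x: dict, now: float) -> bool:
        intact = hmac.compare_digest(mac(self._key, s_x["fields"]), s_x["mac"])
        return intact and now <= s_x["fields"]["expires"]


def run_cd_purchase(now: float = 1000.0) -> dict:
    """Steps I to X for one constructed CD order, plus the failure cases the text calls out."""
    ki = os.urandom(16)
    payment = PaymentService()
    auth = AuthenticationService(payment, {"SIM-A": ki}, lifetime=60.0)
    payment.accounts["SIM-A"] = 50
    s_c = {"service_provider": "cd-vendor", "subscriber": "SIM-A",
           "service": "order CD #1234", "amount": 15}              # step I
    s_x = auth.issue_security_token(s_c, SIM("SIM-A", ki), now)    # steps L to N
    sp_accepts = (s_x["fields"]["service_provider"] == "cd-vendor"
                  and s_x["fields"]["service"] == s_c["service"]
                  and auth.validate(s_x, now))                     # S_X matches the issued S_C
    p_c = {"security_token": s_x, "amount": 15}                    # step Q
    p_x = payment.issue_payment_token(p_c, auth, now)              # steps T and U
    return {
        "sp_accepts": sp_accepts,
        "reserved_before_settlement": payment.reserved["SIM-A"],
        "settled": payment.redeem("cd-vendor", p_x),               # step X
        "balance_after": payment.accounts["SIM-A"],
        "p_x_presented_by_other_sp": payment.redeem("other-vendor", p_x),
        "replayed": payment.redeem("cd-vendor", p_x),
        "expired": auth.validate(s_x, now + 61.0),
        "wrong_sim": auth.issue_security_token(s_c, SIM("SIM-A", os.urandom(16)), now),
    }
```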

The subscriber may obtain network services 100 from the network 16 in a similar manner to the way in which services are obtained from the service provider 22. That is, the network service provider 100 will issue a service context S_(C) when the request for service is received from the client application 17. A security token S_(X) is obtained from the authentication service 102 via the transaction manager 14 following authentication using the SIM 12. Payment by the subscriber for the network services may be performed in the manner as described in relation to the service provider 22 (by issuance of a payment context P_(C) and the generation of a payment token P_(X)).

It is also possible that a direct link is provided between a remote service provider 22 and a network service provider 100, as indicated by a link 107. This will allow network services to be provided to a subscriber by means of a remote service request made to a service provider 22.

For the purposes of the remote service provider 22 obtaining services from network service provider 100, the remote service provider 22 is provided with a unique identifier for use with the network service provider 100. When the remote service provider 22 wishes to obtain a network service from network service provider 100 on behalf of a subscriber, this unique identifier is transmitted to the network service provider together with a request for the network service. The network service is then provided as requested and a charge made by the network service provider 100 to the account of the service provider 22 with the network 16. The remote service provider 22 will typically wish to make a charge to the subscriber for use of the relevant network service (to cover the costs that the remote service provider 22 has incurred and charges for any additional services provided by the remote service provider 22), and payment for this will be obtained by issuing a payment context P_(C) and obtaining a payment token P_(X) in the manner described above.

It has already been explained above that the transaction manager 14 and client application 17 could be provided in a device other than a PC 10—such as in a parking meter, a vending machine or a ticketing machine.

A further example of the use of this system will now be described in relation to the renting of a vehicle. A subscriber to network 16 couples their dongle to a PC 10 (or other processing device) at the offices of the vehicle rental company. The PC 10 includes the transaction manager 14 and a client application 17 for providing access to the vehicle rental service provider 22.

If the subscriber has a pseudonym for use with the service provider 22, the subscriber will provide this to the service provider 22, which is then able to access relevant data relating to the subscriber from the authentication service 102 of the network 16. If the subscriber does not have a pseudonym associated with the service provider 22, the user provides relevant details when prompted by the service provider 22, such as the subscriber's name, address, the type of vehicle they wish to rent and the duration of the rental period.

The service provider 22 then creates an appropriate service contextS_(C) and transmits this to the client application 17. The transactionmanager 14 receives the service context S_(C) and passes this to theauthentication service 102 of the network 16 to seek a security tokenS_(X) following authentication of the transaction by the challenge andresponse procedure performed between the authentication service 102 andthe SIM 12 via the transaction manager 14 in the manner described above.If the SIM 12 is authenticated by the authentication service 102 of thenetwork 16, a security token S_(X) is issued to the transaction manager14. The security token S_(S) is passed to the client application 17, andfrom there to the service provider 22 to authenticate the transaction.

By means of a link 105 between the authentication service 102 and thepayment service 104, appropriate funds can be reserved from thesubscriber's account with the network 16. For example, funds may bereserved to cover the expected rental charges and possibly a deposit.

Because the total charge for renting the car may not be known (as it maydepend on the distance travelled by the subscriber, the amount of timethe subscriber spends driving the vehicle and the date on which thevehicle is in fact returned), a payment context P_(C) may not be issuedby the service provider 22 at this stage.

Thus far, the subscriber has authenticated the transaction with thevehicle rental company. The vehicle rental company will then allocate acar. According to an optional feature of this embodiment, the dongle mayallow the user to enter and drive the car—that is, the dongle will actas substitute to a conventional key for the vehicle. This may beachieved by providing the vehicle with means for authenticating the SIMon the subscriber's dongle, or alternatively may be performed byproviding the dongle with a storage location for storing securityinformation specific to the vehicle rental company. This securityinformation is interrogated by the vehicle, and if validated will allowuse of the vehicle.

Whether or not the dongle is in fact used to obtain access to the vehicle and allow the vehicle to be driven, by coupling the dongle to the vehicle, access to the mobile network 16 may be provided in the conventional way using a mobile telephone transceiver built into the vehicle. The coupling of the dongle to the telecommunication system of the vehicle is analogous to inserting the subscriber's SIM into a fixed telephone provided on the vehicle. If there is no coverage by the network 16 in the area in which the vehicle is located, telephone calls can still be made where a roaming agreement is present between the subscriber's network 16 and any network that is operational in the locality of the vehicle.

The coupling of the dongle to the vehicle systems may also allow the vehicle rental company to calculate the amount of time that the subscriber has spent using the vehicle, and the vehicle rental company may wish to charge the user on this basis.

When the vehicle is returned to the rental company, an appropriate charge is calculated by the vehicle rental company service provider 22 (possibly using information from the vehicle systems as described above), and an appropriate payment context P_(C) is generated and transmitted to the client application 17 present on PC 10 (which could be a different PC from the PC 10 used to initiate the transaction with the vehicle rental company). The transaction manager 14 of the PC 10 then receives the payment context P_(C) and obtains from the payment service 104 of the network 16 a payment token P_(X). This is passed to the service provider 22 via the transaction manager 14 and client application 17, and the service provider 22 is then able to collect the appropriate payment from the payment service 104 of the network 16.

In a further example, the transaction manager 14 and the client application 17 are provided in a vehicle as part of the vehicle's on-board telecommunication system. The vehicle, for example in a convenient position on the dashboard, includes a connector to receive a subscriber's dongle 30 (although, of course, a wireless connection could alternatively be provided). When the subscriber inserts the dongle 30, access to remote services provided by service providers 22 may be obtained using the transaction manager 14 and client application 17 in the manner described in relation to FIGS. 6 and 7.

Because the vehicle is, of course, mobile, communications between the client application 17 and the remote service provider 22 and communications between the transaction manager 14 and the authentication service 102 and the payment service 104 (or between the client application 17 and the network service 100) will be provided by a wireless link, such as by use of a mobile or cellular radio network using a telephone transceiver already present in the vehicle. The network used to perform these communications may be the same as the network 16 providing the authentication and payment services 102 and 104, or may be a different network.

While the dongle 30 is inserted into the connector of the vehicle, the user may also be able to make and receive telephone calls in the usual manner as if the user had inserted their SIM card in a fixed mobile telephone system of the vehicle. However, because the transaction manager 14 and client application 17 are present, the subscriber is also able to obtain other services from remote service providers 22. For example, the subscriber may wish to download music in the form of MP3 files to the car audio system, or obtain navigation or traffic information.

The authentication and payment procedure described above in relation to FIGS. 6 and 7 may be modified from step N onwards. When the authentication service 102 has received the service context S_(C) and has authenticated the subscriber, a request to the payment service 104 is then made via link 105 to reserve the appropriate funds. This request includes the security token S_(X), which allows the payment service 104 to validate the request. The payment service 104 then issues a payment token P_(X). The transaction manager 14 then passes the payment token P_(X) with the security token S_(X) to the client application 17. The client application 17 sends the payment token P_(X) with the security token S_(X) to the service provider 22. The service provider 22 then confirms the validity of the payment token P_(X) by sending this to the payment service 104 via link 108 and confirms the validity of the security token S_(X) by sending this to the authentication service 102 via link 106.

As an alternative to obtaining subscriber pseudonyms in the manner described above, the Service Provider 22 may present the Security Token S_(X) to the Authentication Service 102 in conjunction with a request for any pseudonym associated with the SIM 12 and the Service Provider 22. The Authentication Service 102 validates the token and returns the appropriate Pseudonym (or related data) to the Service Provider 22.

To enhance the security of the system the Service Provider 22 could be provided with a Certificate (shared key) which is used to encode all requests from the Service Provider 22 to the Authentication Service 102. Thus the Authentication Service 102 can then have a degree of trust in who is making the requests for Pseudonym or associated SIM data.

The service provider, being sure that the subscriber or payment is authenticated, is then able to despatch the CD to the subscriber.

In order to obtain payment the service provider 22 may proceed in one of two ways:

In the first procedure the service provider 22 issues a request for payment clearance by sending a data packet including the payment token P_(X) (and the security token S_(X)) to the client application 17. The client application 17 passes the payment clearance request to the transaction manager 14, which in turn passes the payment clearance request (with the payment token P_(X)) to the payment service 104. At this point the payment service may instruct the authentication service 102, via link 105, to authenticate the subscriber by challenge and response data exchanged with the SIM 12 (via the transaction manager 14), although this is an optional step. In any event, the payment service 104 checks the payment token P_(X) and the security token S_(X) (contained in the same packet) and then clears funds in the subscriber's account with the network 16. The payment service 104 then sends a modified payment token P_(X1) to the transaction manager 14. The transaction manager 14 passes the modified payment token P_(X1) to the service provider 22 via the client application 17. The service provider 22 is then able to validate the payment token by direct link 108 with the payment service 104.

As an alternative to the procedure described above, the service provider 22 may request payment clearance from the payment service 104 via link 108 by sending the appropriate payment token P_(X). The payment service 104 then validates the payment token and clears the funds. The payment service 104 responds to the service provider 22 confirming that the payment has been cleared.
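The modified step N (funds reserved over link 105 against the security token S_(X)), the keyed pseudonym request from the service provider, and the two payment clearance procedures just described can be followed as one exchange. The model below is an added example written for this page and is not the patent's or any network operator's code: the keyed hash stands in for the GSM A3/A8 algorithms, and the token formats, key names (`Ki`, the provider's shared key), balances and the `rental-co` provider are constructed assumptions. Functions are named after the reference numerals and links in the text (102, 104, 105, 106, 108).

```python
import hmac
import hashlib
import secrets

# Constructed model (not the patent's code) of the token exchange between the
# SIM 12, transaction manager 14, authentication service 102, payment service 104
# and service provider 22. The keyed hash stands in for the GSM A3/A8 algorithms;
# token formats, key names and amounts are assumptions made for this example.


def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed hash used for the SIM response and for service-provider requests."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class SIM:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki = imsi, ki

    def respond(self, rand: bytes) -> bytes:
        """SRES stand-in: answer the network's challenge without revealing Ki."""
        return mac(self.ki, rand)


class PaymentService:                                   # 104
    def __init__(self, balances: dict):
        self.balances = balances                        # imsi -> available funds
        self.reserved = {}                              # P_X -> (imsi, amount, S_X)
        self.cleared = set()                            # modified tokens P_X1

    def reserve(self, imsi: str, amount: int, sx: str, sx_valid):
        """Link 105: reserve funds once the authentication service vouches for S_X."""
        if not sx_valid(sx) or self.balances[imsi] < amount:
            return None
        self.balances[imsi] -= amount
        px = secrets.token_hex(16)
        self.reserved[px] = (imsi, amount, sx)
        return px

    def clear_via_transaction_manager(self, px: str, sx: str):
        """First procedure: P_X and S_X arrive in the same packet; return P_X1."""
        if px not in self.reserved or self.reserved[px][2] != sx:
            return None
        del self.reserved[px]
        px1 = "cleared:" + px
        self.cleared.add(px1)
        return px1

    def clear_direct(self, px: str) -> bool:
        """Second procedure: the service provider presents P_X over link 108."""
        if px not in self.reserved:
            return False
        del self.reserved[px]
        self.cleared.add("cleared:" + px)
        return True

    def validate_cleared(self, px1: str) -> bool:
        """Link 108: the service provider checks the modified token P_X1."""
        return px1 in self.cleared


class AuthenticationService:                            # 102
    def __init__(self, sims, payment: PaymentService):
        self.keys = {s.imsi: s.ki for s in sims}        # network's copy of each Ki
        self.payment = payment
        self.tokens = {}                                # S_X -> (imsi, S_C)
        self.pseudonyms = {}                            # (imsi, provider) -> pseudonym
        self.provider_keys = {}                         # provider -> shared key

    def authenticate(self, imsi: str, service_context: dict, sim_respond):
        """Challenge-response with the SIM, then the modified step N: reserve funds."""
        rand = secrets.token_bytes(16)
        expected = mac(self.keys[imsi], rand)
        if not hmac.compare_digest(sim_respond(rand), expected):
            return None, None
        sx = secrets.token_hex(16)
        self.tokens[sx] = (imsi, service_context)
        px = self.payment.reserve(imsi, service_context["amount"], sx, self.validate)
        return sx, px

    def validate(self, sx: str) -> bool:
        """Link 106: confirm that S_X was issued here."""
        return sx in self.tokens

    def pseudonym_for(self, provider: str, sx: str, tag: bytes):
        """Pseudonym lookup; the request must carry the provider's shared-key MAC."""
        key = self.provider_keys.get(provider)
        if key is None or not hmac.compare_digest(tag, mac(key, provider.encode(), sx.encode())):
            return None
        if sx not in self.tokens:
            return None
        return self.pseudonyms.get((self.tokens[sx][0], provider))


def rental_flow(procedure: int, ki: bytes = b"constructed-ki") -> dict:
    """Run the rental example end to end; `ki` lets a caller model a wrong SIM."""
    network_sim = SIM("imsi-001", b"constructed-ki")    # what the network registered
    sim = SIM("imsi-001", ki)                           # what is in the dongle
    payment = PaymentService({"imsi-001": 500})
    auth = AuthenticationService([network_sim], payment)
    sp_key = b"sp-shared-key"
    auth.provider_keys["rental-co"] = sp_key
    auth.pseudonyms[("imsi-001", "rental-co")] = "driver-42"
    sc = {"provider": "rental-co", "amount": 300}       # S_C issued by the provider
    sx, px = auth.authenticate(sim.imsi, sc, sim.respond)   # relayed by manager 14
    if sx is None:
        return {"authenticated": False}
    # Service provider confirms S_X (link 106) and fetches the pseudonym with a keyed request.
    tag = mac(sp_key, b"rental-co", sx.encode())
    pseudonym = auth.pseudonym_for("rental-co", sx, tag)
    if procedure == 1:
        px1 = payment.clear_via_transaction_manager(px, sx)
        cleared = px1 is not None and payment.validate_cleared(px1)
    else:
        cleared = payment.clear_direct(px)
    return {"authenticated": auth.validate(sx), "pseudonym": pseudonym,
            "cleared": cleared, "balance": payment.balances["imsi-001"]}
```

Two points the text makes are visible in the code: the payment service never sees Ki or the challenge, it trusts only the S_(X) the authentication service vouches for, and in the first procedure P_(X) is only cleared when it arrives together with the S_(X) it was reserved against, so a payment token separated from its security token is useless to whoever holds it.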

FIGS. 8 to 11 show further examples of dongle configurations that could be used in conjunction with the systems described in relation to FIG. 1 or 6 as an alternative to the first configuration shown in FIG. 4 and the second configuration shown in FIG. 5.

FIGS. 8A to 8D show a third configuration of a dongle indicated generally at 250. The dongle 250 does not include a display or push buttons. The dongle 250 is of generally elliptical cross-section and includes a generally rectangular aperture 252 formed in the top end thereof that allows an electrical connector 254 of generally rectangular cross-section to emerge therefrom. The aperture 252 is closed by a closure member 256 which is generally C-shaped in cross-section, extending from the top of dongle 250 along each side face 258, and pivoted about a centrally mounted pivot point 260. The connection between the closure member 256 and the side walls 258 of the dongle 250 at the pivot point 260 allows the closure member 256 to be rotated about the pivot point 260 as shown by arrow 262.

FIG. 8C is a cross-section taken along line X-X of FIG. 8B and shows schematically the mechanism by which the electrical connector 254 can be moved between a first position, shown in FIGS. 8A and 8B, where the connector 254 is contained wholly within the casing of the dongle 250, and a second position, shown in FIGS. 8C and 8D, where the electrical connector 254 protrudes from the casing of the dongle 250. The mechanism for providing this movement of the electrical connector 254 comprises a rack 264 which is coupled to the connector 254 and a cooperating pinion 266, mounted at pivot point 260, the teeth of which engage the rack 264. The pinion 266 is fixed with respect to the closure member 256. Rotation of the closure member 256 causes rotation of the pinion 266, which causes linear displacement of the rack 264 as shown by arrow 268. Of course, a mechanism for slidably supporting the electrical connector 254 and rack 264 is provided in a manner that will be understood by those skilled in the art, and is not illustrated or described further here.

FIGS. 9A to 9D show a fourth configuration of a dongle. As in the third configuration of dongle described in relation to FIGS. 8A to 8D, the electrical connector 254 is movable between a first position, shown in FIGS. 9A and 9B, where it is contained completely within the casing of the dongle 270, and a second position, shown in FIGS. 9C and 9D, where the connector 254 is shown extending from the casing of dongle 270. However, in the fourth configuration, the linear movement of the electrical connector 254 in the direction of arrow 268 is provided by rotating knob 272 with respect to the casing of dongle 270 as shown by arrow 274. Rotation of the knob 272 in a first direction causes the connector 254 to emerge from the casing of dongle 270, and rotation in the opposite direction causes the connector 254 to be retracted within the casing of the dongle 270. Any suitable mechanism for converting the rotary motion of the knob 272 into linear motion of the connector 254 may be provided. For example, a mechanism described in U.S. Pat. No. 5,813,421 (which is incorporated herein by reference) for a lipstick swivel mechanism may be employed. Other suitable mechanisms will be known to those skilled in the relevant art.

The dongle 270 includes a display 248 for prompting the user to enter their PIN number and/or for displaying the PIN number as it is entered. The dongle 270, rather than having a series of push buttons (such as a numerical key pad), comprises a data entry knob 276 which is mounted to the dongle for rotation as shown by arrow 278 and also for linear motion with respect to the dongle as shown by arrow 280. Each digit of the PIN number is input by the user grasping the knob 276 and pulling it in a direction away from the casing of the dongle 270 (in the direction of arrow 280). An indication, such as a flashing cursor, then appears on the display 248 indicating that the first digit of the PIN number is expected. The number is input by rotation of the knob 276 (arrow 278), the displayed number increasing in value with further rotation of the knob 276. When the required number appears on the display 248 the user confirms that this is the number they wish to input by pushing the knob 276 in the opposite direction to arrow 280. To input the next digit of the PIN number the knob 276 is again lifted (arrow 280) and the correct number is selected by rotation of the knob. The required number is entered by returning the knob 276 to its original position by moving it in the direction opposite to the arrow 280. This procedure is repeated until all of the digits of the PIN number have been entered. Each digit of the PIN number as it is entered will be displayed on the display 248.

In the FIG. 9A to 9D embodiment of the dongle 270, a piezo electric cell 282 is associated with the knob 276. The piezo electric cell 282 allows power to be generated by movement of the knob 276. This power may either be stored in an integral capacitor or may be stored in an optional cell 284 which is electrically coupled to the piezo electric cell 282. Such an arrangement obviates the requirement for the dongle 270 to have its own replaceable power source, whilst allowing the dongle to be operated when not connected to the PC 10. The charge generated by the piezo electric cell is transient, and after a period of time (for example, 5 minutes), the charge is dissipated and any PIN number entered by means of the knob 276 is lost from the memory of the dongle 270 and cannot later be retrieved even when power is supplied. This provides an additional security feature to the dongle 270. Of course, if the dongle 270 is connected to the PC 10 while the charge is still present (within 5 minutes of entering the PIN in the example given above), the PIN can be verified and the dongle can then obtain power from the PC 10 via the connector 254, which allows the authentication operations described above to be performed despite the transient nature of the power from the piezo electric cell 282.

FIGS. 10A to 10D show a fifth configuration of dongle 290. In this embodiment the dongle 290 comprises a main body part 292 to which the electrical connector 254 is attached in a fixed position, and a removable protective cap 294 which, when in position, covers the main body 292 and the connector 254 to protect those components and to provide the dongle 290 with an attractive external appearance.

At the top end of the main body 292 an annular knob 296 is mounted to the body 292 for rotation with respect to the body 292, as shown by arrow 298. The knob 296 includes a series of markings 300 visible to the user of the dongle 290—for example, each mark 300 indicating a different digit from 0 to 9. A marking 302 is provided at the top of the casing 292. In this embodiment, the first digit of the user's PIN number is entered by rotating the knob 296 until the correct digit of the PIN number (indicated at 300) is aligned with the mark 302. When the relevant digit and the mark 302 are aligned, the user stops rotation of the knob 296. When movement of the knob 296 stops, the position of the knob 296 is recorded by the dongle 290 so that the digit of the PIN number can be detected. The next digit of the PIN number is entered by rotating the knob 296 in an anti-clockwise direction (opposite to arrow 298) until the relevant digit of the PIN number is aligned with marking 302. Again, when the rotation of the knob stops, the position of the knob is recorded so that the PIN number can be recorded by the dongle 290. The next digit of the PIN number is entered by clockwise rotation of the knob 296, and so on, until all of the digits of the PIN number have been entered. The manner of data entry using the knob 296 and the marking 302 is similar to that used to enter the combination of a safe.

The dongle 290 further includes an optional digital camera 304 mounted at the axis of rotation of the knob 296 (but fixed with respect to the main body 292). Dongle 290 includes processing means and memory for storing one or more images captured by the camera 304, and allows these images to be transferred to the PC 10 using the connector 254.

FIGS. 11A to 11C show a sixth configuration of a dongle 310. The dongle 310 comprises a casing 312 which has an opening 314 at one side thereof. Contained within the casing 312 is a coupling portion 316 to which the electrical connector 254 is fixed. The coupling portion 316 is connected to the casing 312 in such a manner that the coupling portion 316 is rotatable about an axis indicated by dotted line 318.

Connected to the loop connector 244 is a ring 320, which provides a convenient means by which a slidable part 322, which is mounted for sliding with respect to the casing 312, may be moved with respect to the casing 312 in the direction of arrow 324. By means of a rack and pinion or any other suitable mechanism (not shown) the movement of the sliding part 322 with respect to the casing 312 in the direction of arrow 324 is translated into rotational movement of the coupling portion 316 about the axis 318. The different positions that the coupling part 316 moves through as the sliding part 322 is moved with respect to the casing 312 are shown by the ghost lines in FIG. 11C.

When the sliding part 322 reaches its maximum travel in the direction of arrow 324, the coupling part 316 is rotated 180° with respect to the casing 312. The coupling portion 316 is returned to the position shown in FIGS. 11A and 11B by sliding the sliding part 322 in the direction opposite to arrow 324. When the coupling part 316 is in the position shown in FIGS. 11A and 11B, the connector 254 is protected by the sliding part 322.

The embodiments shown in FIGS. 8, 9, 10 and 11 provide various means by which the electrical connector 254 can be concealed and protected when not required.

In the FIG. 9 embodiment the power source of the dongle is piezo electric cell 282.

A similar power source may be provided in the dongles illustrated in FIGS. 8, 10 and 11, with power being generated by movement of the closure member 256 of the dongle 250 of FIG. 8, the movement of the knob 296 of the dongle 290 of FIG. 10, or movement of the sliding part 322 of FIG. 11. Alternatively, or additionally, these dongles may include a replaceable battery or a rechargeable battery which is recharged when the dongle 250, 270, 290, 310 is connected to the PC 10.

Whilst the dongles described include an electrical connector 254 which is shown as a USB connector, it should be appreciated that any other suitable type of electrical connector may be provided. For example, the connector 254 may be a SmartMedia (trade mark) device. Alternatively, data and/or power may be transmitted between the dongle and the PC 10 by “near field” technology, for example, in accordance with the Near Field Communication Interface and Protocol (NFCIP-1) protocol. If near field technology is employed, the provision of a movable electrical connector 254 will not be necessary.

The dongles of FIGS. 8 to 11 may or may not include the dongle interface driver 36 described in relation to FIGS. 3 and 4.

The dongles of FIGS. 9 and 10 may allow the PIN to be passed to the PC 10 for validation, or such validation may be performed within the dongle for improved security.

Of course, the dongles of FIGS. 8 and 11 may be provided with a PIN entry means if required.
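The FIG. 9 dongle's PIN handling, as described above (pull, rotate and push the knob 276 for each digit; the entered PIN surviving only while the piezo charge lasts; validation performed within the dongle rather than on the PC 10), can be modelled as a small state machine. The code below is an added example written for this page, not the patent's or any manufacturer's firmware: the 5-minute figure is the text's own example, while the one-click-per-digit knob mapping, the constructed reference PIN `4071`, the injectable clock and all function names are assumptions. The clock is injectable so the charge timeout can be exercised without waiting.

```python
import hmac
import time

# Constructed model (not the patent's code) of the FIG. 9 dongle's PIN handling:
# a knob that is pulled (arrow 280), rotated (arrow 278) and pushed back for each
# digit, a PIN buffer that survives only while the piezo charge lasts, and PIN
# verification inside the dongle so the PC 10 only learns the outcome. The
# 5-minute figure is the text's example; the knob-to-digit mapping is assumed.

CHARGE_LIFETIME_S = 5 * 60


class Dongle:
    def __init__(self, reference_pin: str, clock=time.monotonic):
        self._reference_pin = reference_pin   # held in the SIM/dongle, never exported
        self._clock = clock                   # injectable so the timeout can be tested
        self._digits = []                     # volatile PIN buffer
        self._current = None                  # digit being selected; None when knob is in
        self._charge_until = 0.0              # moment the piezo charge has dissipated
        self.unlocked = False

    def _powered(self) -> bool:
        """Check the piezo charge; once it is gone the entered PIN is lost for good."""
        if self._clock() >= self._charge_until:
            self._digits.clear()
            self._current = None
            return False
        return True

    def _movement(self):
        """Any knob movement generates charge, topping up the capacitor."""
        self._powered()
        self._charge_until = self._clock() + CHARGE_LIFETIME_S

    def pull_knob(self):
        """Arrow 280: start a new digit; the display shows a flashing cursor."""
        self._movement()
        self._current = 0

    def rotate_knob(self, clicks: int):
        """Arrow 278: each click advances the displayed digit, wrapping after 9."""
        self._movement()
        if self._current is not None:
            self._current = (self._current + clicks) % 10

    def push_knob(self):
        """Return the knob: the displayed digit is committed to the buffer."""
        self._movement()
        if self._current is not None:
            self._digits.append(str(self._current))
            self._current = None

    def display(self) -> str:
        """Display 248: digits entered so far, plus a cursor while selecting."""
        if not self._powered():
            return ""
        return "".join(self._digits) + ("_" if self._current is not None else "")

    def connect_to_pc(self) -> bool:
        """Verify inside the dongle on connection; the PC receives only True/False.
        If the charge has gone there is no PIN left to verify, and the PC must wait
        for a fresh entry even though it now supplies power."""
        if not self._powered():
            self.unlocked = False
            return False
        entered = "".join(self._digits)
        self.unlocked = hmac.compare_digest(entered.encode(), self._reference_pin.encode())
        self._digits.clear()                  # PIN is consumed; only the verdict remains
        return self.unlocked


def enter_pin(dongle: Dongle, pin: str) -> str:
    """Drive the knob for each digit and return what the display shows afterwards."""
    for digit in pin:
        dongle.pull_knob()
        dongle.rotate_knob(int(digit))
        dongle.push_knob()
    return dongle.display()


def demo(pin_entered: str, delay_s: float) -> bool:
    """Enter a PIN on a dongle whose reference PIN is 4071 (constructed), wait
    delay_s seconds, then connect to the PC; return the dongle's verdict."""
    now = [0.0]
    dongle = Dongle("4071", clock=lambda: now[0])
    enter_pin(dongle, pin_entered)
    now[0] += delay_s
    return dongle.connect_to_pc()
```

The design point the text makes about in-dongle validation is reflected in `connect_to_pc`: the reference PIN and the entered digits never leave the `Dongle` object, so a compromised PC 10 can observe only the verdict, and a dongle whose charge has lapsed reports a failure rather than exposing a stale PIN once USB power arrives.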

1. A method for carrying out an authentication process for authenticating a subsequent transaction by any one of a plurality of users with data processing apparatus, including the step during the authentication process of operatively associating with the data processing apparatus a selected one of a plurality of authentication storage means respective to the users, each authentication storage means storing predetermined authentication information and being registerable with a common telecommunications system for which the users have respective telecommunications terminals, and the step of carrying out the authentication process via a communications link with the common telecommunications system, the authentication process being carried out by authenticating means incorporated in the telecommunications system and involving the use of the predetermined authentication information stored by the selected one authentication storage means, the predetermined authentication information stored by each authentication storage means corresponding to information which is used to authenticate that user's telecommunications terminal in relation to the telecommunications system but the authentication process for authenticating the transaction by that user with the data processing apparatus not requiring use of that user's telecommunications terminal nor requiring the telecommunications terminal to be actually authenticated by that information in relation to the telecommunications system.
2. A method according to claim 1, in which the authentication storage means is associated with the data processing apparatus by being associated with data or software for use by that data processing apparatus.
3. A method according to claim 2, in which the authentication storage means is incorporated on a data carrier for the data or software.
4. A method according to claim 1, in which the authentication storage means includes processing means.
5. A method according to claim 4, in which each user is authenticated in the telecommunications system by means of the use of a smart card or subscriber identity module, and in which the authentication storage means respective to that user corresponds to or simulates the smart card for that user.
6. A method according to claim 1 in which the authentication process involves the sending of a message and the generation of a response dependent on the message and the predetermined information.
7. A method according to claim 1, including the step of levying a charge for the transaction when authenticated.
8. A method according to claim 7, in which the step of levying the charge is carried out by the said system.
9. A method according to claim 1 in which the data processing apparatus (10) is a personal computer.
10. A method according to claim 1, wherein the authentication storage means (12) communicates wirelessly to authenticate the transaction.
11. A method according to claim 5, wherein the authentication storage means is one of a smart card and SIM that is operable to authenticate the user's telecommunications terminal for use in the system.
12. A method according to claim 1, wherein the authentication storage means is provided with a carrier coupleable to the data processing apparatus.
13. Data processing apparatus in combination with a selected one of a plurality of authentication storage means which are respective to users and are each for storing predetermined authentication information relating to the carrying out of an authentication process for authenticating a subsequent transaction by the users with the data processing apparatus, the authentication storage means all being registrable with a common telecommunications system for which the users have respective telecommunications terminals, the authentication storage means when operatively associated with the data processing apparatus being operative to carry out the authentication process via a communications link with that system, the authentication process being carried out by authenticating means incorporated in the system and involving the use of the predetermined information stored by the selected one authentication storage means, the predetermined authentication information stored by each authentication storage means corresponding to information which is used to authenticate that user's telecommunications terminal in relation to the telecommunications system but the authentication process for authenticating the transaction by that user with the data processing apparatus not requiring use of that user's telecommunications terminal nor requiring the telecommunications terminal to be actually authenticated by that information in relation to the telecommunications system.
14. Apparatus according to claim 13, in which the authentication storage means includes processing means.
15. Apparatus according to claim 13, in which each user is authenticated in the telecommunications system by means of the use of a smart card or subscriber identity module, and in which the authentication storage means respective to that user corresponds to or simulates the smart card for that user.
16. Apparatus according to claim 13, in which the authentication process involves the sending of a message and the generation of a response dependent on the message and the predetermined information.
17. Apparatus according to claim 13, including means for levying a charge for the transaction when authorised.
18. Apparatus according to claim 17, in which the means for levying the charge is part of the common system.
19. Apparatus according to claim 13, wherein the authentication storage means communicates wirelessly to authenticate the transaction.
20. Apparatus according to claim 15, wherein the authentication storage means is one of a smart card and SIM that is further operable to authenticate the user's telecommunications terminal for use in the system.
21. Apparatus according to claim 13, wherein the authentication storage means is provided with a carrier coupleable to the data processing apparatus.
22. A data carrier carrying data for use in and by data processing apparatus after an authentication process involving the use of the data processing apparatus and separate authenticating means, the data carrier also incorporating authentication storage means storing predetermined authentication information respective to a user, the authentication storage means being registered with a telecommunications system which includes the authenticating means and for which the user has a telecommunications terminal, the authentication storage means being responsive to an input message for deriving a response dependent on the input message and on the authentication information for enabling the authenticating means to carry out the authentication process via a communication link with the authenticating means in the said system whereby to authenticate a subsequent transaction by the user with the data processing apparatus and which involves use of the data carried by the data carrier, the predetermined authentication information stored by the authentication storage means corresponding to information which is used to authenticate the user registered with the telecommunications system in relation to use of that user's telecommunications terminal in the telecommunications system, but the authentication process for authenticating the transaction by that user with the data processing apparatus not requiring use of the user's telecommunications terminal nor requiring the telecommunications terminal to be actually authenticated by that information in relation to the telecommunications system.
23. A data carrier according to claim 22, in which the authentication storage means corresponds to or simulates respective subscriber identity modules in the form of smart cards.
24. A data carrier according to claim 22, in which the data carried by the data carrier includes software.
25. A data carrier according to claim 22, wherein the authentication storage means communicates wirelessly to authenticate the transaction.
26. A data carrier according to claim 23, wherein the authentication storage means is one of a smart card and SIM that is further operable to authenticate the user's telecommunications terminal for use in the system.